Cyware Daily Threat Intelligence April 09, 2018

Top Malware Reported in the Last 24 Hours
Fake WhatsApp Plus
Hackers are circulating a fake WhatsApp app, dubbed WhatsApp Plus, on the web. This malicious app is a variant of Android/PUP.Riskware.Wtaspin.GB, a fake WhatsApp riskware. The app is capable of stealing sensitive information from the infected smartphone and of installing malware. The app's APK file is circulating online via comments on blogs and forums.

NetSupport Manager RAT
Compromised websites are being leveraged to spread the NetSupport Manager remote access tool (RAT) in the form of fake updates masquerading as Adobe Flash, Chrome, and Firefox updates. The fake update is a malicious JavaScript payload that sends basic system information (architecture, computer name, username, processors, OS, domain, manufacturer, model, MAC address, keyboard, pointing device, display controller configuration, and more) to the server.

LockCrypt ransomware cracked
Security researchers have identified a weakness in the encryption used by the LockCrypt ransomware. The malware is spread via RDP brute-force attacks and must be manually installed. Because the hackers reused the buffer, their algorithm became vulnerable to a plaintext attack.

Top Vulnerabilities Reported in the Last 24 Hours
XSS Flaw found in IBM WebSphere Portal
A cross-site scripting (XSS) flaw, tracked as CVE-2018-1483, has been discovered in IBM WebSphere Portal. This flaw allows hackers to embed arbitrary JavaScript code in the web UI to alter the intended functionality, leading to the disclosure of credentials. The flaw has already been fixed.

Authentication bypass flaw in Auth0 Identity platform
An authentication bypass vulnerability has been discovered in the identity-as-a-service platform Auth0. Exploiting this flaw would allow hackers to access any portal or application that uses the Auth0 service for authentication. The vulnerability has been mitigated, as the affected libraries have been extensively rewritten. New versions of the SDKs have also been released.

Vulnerability in Linux Beep Command
A local privilege escalation vulnerability has been discovered in beep, an advanced PC speaker beeper. Beep allows the calling user to trigger those side effects even if they are not authorized to do so. Users needn't worry, as this tool doesn't exist in most modern-day processors.


